[peruser] New potential user of peruser : some questions

Sean Gabriel Heacock gabriel at telana.com
Sun Jul 3 19:28:20 MDT 2005

On Sun, 2005-07-03 at 12:31 +0200, Pascal - Carat-Hosting.com wrote:
> Thanks for your quick answer.

No problem, I was up late :)  Sorry for the delay on this one, my ISP
has been down all day.

> I have an other questoin about the configuration.
> In the VirtualHost section there is :
>  # this must match a Processor"
>       ServerEnvironment user group /home/user
> Does that mean that in the main httpd configuration I must have a processor
> per user/group (so per domain)

That's right.  You can also do this:

Processor user1 group1 /home/user1

<VirtualHost www.domain1.com>
  ServerEnvironment user1 group1 /home/user1

<VirtualHost www.domain2.com>
  ServerEnvironment user1 group1 /home/user1

That is, you can have several vhosts share the same server environment.
There just needs to be a Processor directive that matches (but only one,
you wouldn't need two of them in the example above).

That's how my system is set up - each account on the server has a
"Processor" directive, and one or more domains, all set to use the same
user, group, and chroot directory.

> I also use SuexecUserGroup user group in my VirtualHost for CGI pgms. Any
> impact with peruser ?

It probably wouldn't work, because peruser will already by doing the
setuid/setgid stuff.  Suexec becomes unnecessary - any cgi programs will
be executed by an apache process that's already running as the desired
user and group, so the cgi will also run as that user and group.

> I promise, I stop asking a lot of things, I'll test it on a test server with
> httpd 2.0.52
> Just want to be sure for the processor case

If you have problems getting it working, the first thing to try is to
remove the chroot directories from the configuration.  Getting that to
work properly can be very tricky.

Sean Gabriel Heacock
Telana Internet Services

More information about the Peruser mailing list